Application Security Architect
Altec Industries
- Louisville, Kentucky, United States
About
Key Responsibilities
Embed application security controls into CI/CD pipelines, including automated SAST, DAST, IAST, SCA, secrets detection, and IaC scanning.
Establish standardized security controls across platforms.
Design exceptions and compensating controls.
Partner with development teams to implement shift‑left security while maintaining delivery velocity.
Define and maintain secure coding standards, security design patterns, and reference architectures.
Participate in architecture and design reviews, including threat modeling for new applications and major changes.
Perform research and development (R&D) into existing processes and tooling opportunities.
Application & Cloud Security Assessment
Identify and assess security risks in web, mobile, API, SaaS, and cloud‑native applications developed internally or by third parties.
Perform or coordinate:
Source code reviews (manual and automated)
Application vulnerability assessments and penetration tests
API and microservices security testing & analysis
Cloud configuration and IaC security reviews
Validate findings, reduce false positives, and prioritize remediation based on business risk.
Establish reusable security architecture patterns for cloud‑native and distributed systems.
Vulnerability & Risk Management
Manage application security findings through a centralized vulnerability or risk management platform.
Work with development teams to define practical, risk‑based remediation guidance.
Track remediation progress, verify fixes, and support exception/risk acceptance processes.
Contribute to application security metrics, KPIs, and executive‑level reporting.
Translate technical debt and vulnerabilities into business risk and exposure.
Open Source & Supply Chain Security
Assess and manage risks related to open‑source dependencies, libraries, and third‑party components.
Support Software Composition Analysis (SCA) and software supply chain security initiatives (e.g., dependency hygiene, SBOMs).
Evaluate security posture of third‑party applications and vendors in collaboration with risk management team.
Verify compliance with third‑party component licensing models.
Software Compliance
Lead software compliance activities related to application vulnerabilities, data exposure, or insecure design.
Support application‑related forensic analysis and root‑cause investigations.
Assist with compliance and assurance activities related to secure development (e.g., NIST, ISO, SOC, internal audits).
Enablement & Education
Develop and deliver application security training for developers and cybersecurity teams.
Provide hands‑on guidance and documentation to improve developer security maturity.
Act as a security champion advocate, helping teams make informed security decisions.
Required Education, Experience, and Skills
High School Diploma/GED Required.
Bachelor’s Degree (Technical Degree Preferred) and 6 Years Relevant Experience OR 8 Years Relevant Experience.
1–2+ years of combined experience across software engineering, platform/cloud engineering, application security, & DevSecOps / SRE with strong cybersecurity ownership preferred.
5+ years in hands‑on software engineering or platform/cloud engineering preferred.
7+ years in application security, DevSecOps, or secure architecture preferred.
Strong understanding of modern SDLCs, Agile, and CI/CD practices.
Hands‑on experience with at least one major programming language (e.g., Java, C#, Python, JavaScript).
Practical knowledge of:
Web, mobile, and API security
Authentication and authorization models (OAuth2, OIDC, JWT, SAML)
OWASP Top 10 and API Top 10
Familiarity with cloud platforms (AWS, Azure, and/or OCI) and cloud‑native services.
Working knowledge of networking fundamentals, encryption, and secure communications.
Excellent written and verbal communication skills, with the ability to translate security risk into business impact.
Preferred / Beneficial Qualifications
Experience with application security tools such as SAST, DAST, IAST, SCA, secrets scanning, or IaC security platforms.
Experience securing containers, Docker, and serverless workloads.
Knowledge of Infrastructure as Code frameworks (e.g., Terraform, CloudFormation).
Familiarity with threat modeling frameworks (e.g., STRIDE).
Security or development certifications such as:
CSSLP, CISSP, GWAPT, GWEB, OSWE, or equivalent.
Cloud security certifications (AWS, Azure, or GCP).
Behavioral & Professional Expectations
Strong collaboration skills; ability to influence without authority.
Comfortable balancing security risk with business and delivery priorities.
Highly organized, detail‑oriented, and self‑directed.
Customer‑service mindset toward internal development teams.
Ability to remain effective in fast‑paced, evolving technical environments.
Commitment to confidentiality, ethical conduct, and continuous improvement.
Additional Information
Travel: 0–25% (as needed).
Work hours may occasionally include non‑standard hours to support critical releases or incidents.
Job level and scope may be adjusted based on experience and qualifications.
Experience Level Adjustment
Should the selected candidate meet the qualifications of a more experienced level in the career path, the job level may be adjusted.
Benefits
Medical, Dental, Vision and Prescription Drug Program
Retirement 401(k) Traditional or Roth Program Options with Company Match
Vacation and Holidays
Parental Leave
Short Term and Long Term Disability Leave
Flexible Spending Accounts
Tuition Assistance Program
Employee Assistance and Mental Health/Substance Abuse Program
Life Insurance, Accidental Death and Dismemberment Insurance
Supplemental Insurance including Hospital Indemnity, Critical Illness and Accident Insurance
Additional Wellness Programs and Rewards Available
EEO Statement
Altec Industries, Inc. and its affiliates are equal opportunity employers and maintain affirmative action plans to recruit, retain, develop, and promote qualified individuals without unlawful consideration of race, gender, color, religion, sexual orientation, gender identity, national origin, age, disability, citizenship status, veteran status, or any other characteristic protected by federal, state or local law. Altec strives to maintain a work environment free from unlawful discrimination and harassment, where associates are treated with respect and dignity.
Language skills
- English